Category: Uncategorized

  • Cybercrime Expected To Skyrocket in Coming Years – Statista


    According to estimates from Statista’s Cybersecurity Outlook, the global cost of cybercrime is expected to surge over the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027. Cybercrime is defined by Cybercrime Magazine as the “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”
    As more and more people turn online, whether for work or their personal lives, there are more potential opportunities for cyber criminals to exploit. At the same time, attacker techniques are becoming more advanced, with more tools available to help scammers. The coronavirus pandemic saw a particular shift in cyber attacks, as Statista’s Outlook analysts explain: “The COVID-19 crisis led to many organizations facing more cyberattacks due to the security vulnerability of remote work as well as the shift to virtualized IT environments, such as the infrastructure, data, and network of cloud computing.”
    [Chart: expected global cost of cybercrime, 2022 to 2027, from Statista’s Cybersecurity Outlook]

    source

  • Here’s What 10 Cybersecurity CEOs Are Prioritizing In 2023 – CRN

    From reaching customers that are buying security solutions in new ways, to fighting cybercrime and emerging threats alongside their trusted channel partners, here’s what some of the world’s biggest security CEOs are prioritizing this year.
    Winning With The Channel
    It’s no overstatement to say that cybersecurity CEOs in 2023 have their hands full. The world is coming off three years of disruption, new demands on IT infrastructure and, often, geographically distributed end users. While it’s been challenging for the cybersecurity sector, it’s also been a time of unprecedented growth.
    The increased attack surface across enterprises and SMBs alike presents a heightened risk of cyber-attacks, breaches, and bad actors looking to take advantage of the trends that have emerged in recent years, such as teleworking and hybrid work. But security vendors are used to both staying ahead of the threats and playing defense. Locking down their clients’ valuable assets, blocking ransomware attacks and boosting privacy are just some of the challenges these companies have been handling all along. And they aren’t on the battlefield alone: these companies are working alongside their channel partners to take on emerging threats and to serve up security solutions in the new ways customers want to buy.
    As part of CRN’s CEO Outlook 2023 report, we asked the CEOs at some of the world’s biggest security companies to fill in the blank: My top priority for 2023 is…
    Here’s what they had to say.
    Gina Narcisi is a senior editor covering the networking and telecom markets for CRN.com. Prior to joining CRN, she covered the networking, unified communications and cloud space for TechTarget. She can be reached at gnarcisi@thechannelcompany.com.

    source

  • Made in America, stolen by China: We need cybersecurity minimum standards – The Hill

    The United States is under siege and many threats originate from the same place, even if the day’s headlines don’t make it obvious.
    Russia is certainly the threat du jour because of its rampant use of cyberattacks, invasion of Ukraine, and energy extortion on much of Europe. The Cybersecurity & Infrastructure Security Agency (CISA) even launched a “Shields Up” campaign that centers around cyber threats originating from Russia. Add the threat of nuclear war to the equation, and it’s easy to understand why Russia captures so much of our attention.
    But there is a greater threat that is so pervasive and omnipresent that it has infiltrated your teenager’s social media, breached both federal and state agencies and much of the supply chain supporting our defense industrial base.
    Military, intelligence, and economic advantages are made in America and then quickly stolen by China.
    China is simultaneously influencing hours of your children’s time every day on TikTok, breaching federal agencies to compromise the personal information of tens of millions of Americans, and very recently at least six state government networks. And let’s not forget the vast supply chain that enables the world’s greatest fighting force. Our defense industrial base is routinely attacked by China, in parallel to their assault on the rest of American citizens, government, and business.
    Many Americans now understand that TikTok is more than just viral videos; it’s a data harvester. Seven governors (so far) have banned the use of TikTok on state devices: Kay Ivey of Alabama, Bill Lee of Tennessee, Spencer Cox of Utah, Kevin Stitt of Oklahoma, Larry Hogan of Maryland, Kristi Noem of South Dakota, and Henry McMaster of South Carolina.
    The Chinese Communist Party reportedly is using companies like ByteDance, TikTok’s parent company, and telecom provider Huawei as levers to run a longstanding espionage program.
    TikTok has already started paying out after settling a $92 million class action lawsuit that claimed the app violated privacy rights. CNN reported that the FBI determined Huawei equipment — currently deployed on cell phone towers near military bases — is capable of “capturing and disrupting highly restricted” Defense Department (DOD) communications. The Federal Communications Commission (FCC) designated Huawei as a national security risk last year.
    These are not isolated incidents.
    China doesn’t always use private businesses to do its dirty work, and it isn’t just after data. Chinese officials reportedly have targeted Federal Reserve employees for a decade to gain influence and undermine monetary policy. A report from Sen. Rob Portman of Ohio says that unless action is taken, China has “an open avenue to disrupt the integrity of the American financial system, jeopardizing U.S. national security.” Even more brazen, hackers linked to the Chinese government stole millions in COVID-19 benefits, according to the Secret Service.
    Between its motivations, pervasiveness, and coordination in stealing American data and attempting to use it against us, China is clearly the largest threat to the U.S. — the Pentagon certainly sees it that way.
    Is China ready to leapfrog the United States from a military dominance perspective? What about the political, economic, and intelligence advantages that the U.S. holds? Gaining supremacy in those areas is China’s goal, and it’s closer to reality than hyperbole.
    China has been breaking into computer networks of government contractors for the better part of two decades. This means organizations from defense to critical infrastructure have had schematics, research and development, and other sensitive data all being fed to the Chinese government.
    The call to action on stopping China came way back in 2008. Deputy Secretary of Defense Gordon England gathered the top eight aerospace and defense CEOs at the Pentagon and told them to “stop the bleeding” of data that was occurring on their networks. Nearly 15 years later, action hasn’t been swift enough.
    In July 2020, FBI director Christopher Wray called this Chinese theft “on a scale so massive that it represents one of the largest transfers of wealth in human history. If you are an American adult, it is more likely than not that China has stolen your personal data.”
    Only in March 2022 did Congress pass the Cyber Incident Reporting for Critical Infrastructure Act, which requires covered critical infrastructure entities to report a significant cyber incident to CISA within 72 hours and a ransom payment within 24 hours. The legislation also gives CISA up to two years to issue proposed rules and even longer for a final rule, so the reporting obligations do not take effect until that rulemaking is complete.
    As CNN’s reporting indicates, the U.S. government has known about China’s targeting of critical communication networks near military bases, but still hasn’t fully funded a program to rip and replace the equipment. To do so would be a burdensome and expensive endeavor, but losing our military, technical, and intelligence advantages is far more costly and difficult to swallow.
    Our government is getting much better at responding to threats like Chinese talent plans, but we have to increase the speed with which we act. We’ve known about these threats for nearly two decades, yet no mandatory cybersecurity minimums are in place for defense contractors to do business with the U.S. government.
    In August 2020, the Trump administration issued an executive order that sought to ban TikTok in the U.S. over its data collection practices. Ten months later, the Biden administration rescinded it and replaced it with one of its own.
    Too often, Chinese threats are intentionally minimized because so many U.S. organizations have business there. In October 2019 Daryl Morey, then the general manager of the NBA’s Houston Rockets, published a tweet in support of Hong Kong protesters. That tweet alone reportedly cost the NBA between $150 million and $200 million.
    With so much profit to be made in China, there is financial incentive to look the other way as the heist of American data and intellectual property continues.
    It might be tempting to compare this hostility to the Cold War, but Soviet Russia didn’t have the kind of reach, manufacturing capacity, or economic power that China has now. China is pervasive in its ability to produce goods and services that Americans want and need, from apps like TikTok to semiconductors and cellular communication equipment. China can weaponize and distribute its data collection efforts in ways that can be devastating to America.
    Federal agencies like the FCC, DOD, and Securities and Exchange Commission (SEC) each have a regulatory lever they can pull. Acting in unison would provide some consistency in those efforts. However, our best shot at meaningful progress in shunning China’s ongoing threat is growing public-private partnerships.
    Instead of a naming-and-shaming reactive culture, we need to double down on a proactive, information-sharing, forward-defending posture.
    Victims shouldn’t be penalized for sharing breach information or indicators of compromise. That intel should be distributed through the appropriate public-private partnerships to better protect our critical infrastructure.
    Creating mandatory cybersecurity minimums certainly has an associated cost, but we are getting to a point where we can either pay now or pay later. The cost of inaction is likely unbearable, an erosion of democracy that we probably can’t even fully grasp.
    Eric Noonan is CEO of CyberSheath.

    source

  • Companies often operate in dark with little applied threat intelligence – Cybersecurity Dive


    The Mandiant report, conducted by market research firm Vanson Bourne, examines the value and implementation of threat intelligence across global organizations. The respondents span 13 countries and 18 industries, ranging from financial services to healthcare and government.
    Effective threat intelligence can improve detections, inform incident response and help network defenders proactively hunt for threats, according to Luke McNamara, Mandiant principal analyst, Google Cloud. Threat intelligence can also help the C-suite and board members gain a better understanding of the threat landscape and how it may affect operations.
    “Ultimately, threat intelligence is an input into the security function of an organization, that when properly used and disseminated to the right stakeholders within the organization, helps mitigate business risk,” McNamara said via email. 
    Oftentimes threat actors are hiding for weeks and months within an organization’s computer systems and if their techniques and behavior patterns are unknown, they can often do tremendous damage before a security team even understands what has taken place. 
    For example, the SolarWinds supply chain attacks were first disclosed in December 2020, but subsequent research found the threat actors had been quietly lurking inside the systems of government agencies and private organizations for more than a year before the attack was officially discovered.
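    The two paragraphs above describe threat intelligence as an input to detection and the dwell-time problem when attacker indicators are unknown. The following script is an added illustration, not part of the Cybersecurity Dive article or of Mandiant’s report: it applies a constructed indicator feed (the domains, IP, hash, host names and log lines are all invented for the example) to constructed proxy/EDR log lines, reports every hit and computes how many days the earliest sighting predates the date the intrusion was discovered. The helper names (`match_iocs`, `dwell_days`, `IOC_FEED`, `SAMPLE_LOGS`) are assumptions of this example.

```python
"""Match a threat-intel indicator feed against log lines and measure dwell time.

Added example: the feed, the log lines and the helper names are constructed
for illustration; nothing here is taken from a real feed or report.
"""
import re
from datetime import datetime, timezone

# Constructed indicator feed, grouped by indicator type (atomic IOCs of the
# kind a threat-intel provider disseminates to defenders). Values are invented.
IOC_FEED = {
    "domain": {"update-cdn.example.net"},
    "ipv4": {"203.0.113.42"},
    "sha256": {"a3f1" * 16},
}

# Constructed log lines: "<iso-timestamp> <host> key=value ...".
SAMPLE_LOGS = [
    "2020-09-04T08:12:01Z ws-017 dst=update-cdn.example.net action=allow",
    "2020-09-04T08:12:05Z ws-017 dst=198.51.100.7 action=allow",
    "2020-11-21T23:41:10Z srv-db2 dst=203.0.113.42 action=allow",
    "2020-12-13T10:05:00Z ws-044 sha256=" + "a3f1" * 16 + " action=block",
    "2020-12-13T10:06:00Z ws-044 dst=intranet.example.org action=allow",
]

# Assumed discovery date for the constructed intrusion (first hit is in September).
DISCOVERED_AT = datetime(2020, 12, 13, 10, 5, tzinfo=timezone.utc)

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def classify(value):
    """Return which feed bucket a log field value should be compared against."""
    if SHA256_RE.match(value):
        return "sha256"
    if IPV4_RE.match(value):
        return "ipv4"
    if "." in value:
        return "domain"
    return None


def parse_line(line):
    """Split one log line into (timestamp, host, {field: value})."""
    ts, host, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields if "=" in f)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), host, kv


def match_iocs(logs, feed):
    """Return (timestamp, host, ioc_type, value) for every field that hits the feed."""
    hits = []
    for line in logs:
        ts, host, kv = parse_line(line)
        for value in kv.values():
            kind = classify(value)
            if kind and value in feed.get(kind, ()):
                hits.append((ts, host, kind, value))
    return hits


def dwell_days(hits, discovered_at):
    """Days between the earliest indicator sighting and the discovery date (None if no hits)."""
    if not hits:
        return None
    first = min(h[0] for h in hits)
    return (discovered_at - first).days


if __name__ == "__main__":
    found = match_iocs(SAMPLE_LOGS, IOC_FEED)
    for ts, host, kind, value in found:
        print(f"{ts.isoformat()} {host} {kind}={value}")
    print(f"dwell time before discovery: {dwell_days(found, DISCOVERED_AT)} days")
```

    The point of the exercise is the last line: with the feed in hand, the retrospective search over stored logs shows the first contact on 4 September, 100 days before the assumed discovery date. Without the feed the same log lines would have looked like ordinary allowed traffic, which is exactly the gap the article is describing.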
    The Mandiant report indicates companies may not always have regular communication with their leadership about current developments.
    Cybersecurity is discussed on average every four to five weeks within organizations, including with the C-suite, board members and other senior stakeholders. Cybersecurity discussions are less frequent with other groups, such as investors, taking place on average every seven weeks. 
    Correction: This article has been updated to reflect the supply chain attacks targeting SolarWinds took place in 2020.

    source

  • Ransomware gangs force cybersecurity teams to reassess – SC Media

    Today’s columnist, Shmuel Gihon of Cyberint, says the continued proliferation of ransomware has forced companies to take a more proactive approach to cybersecurity awareness. (Credit: Stock Photo, Getty Images)
    Ransomware attacks mushroomed during the pandemic and now continue to grow. Before March 2020, there were four major ransomware groups operating at any one time and today there are around 20. Competition has become fierce among ransomware groups and there’s a high mortality rate. Just as LockBit 3.0 replaced Conti in 2022, newcomers such as BlackBasta, BianLian, and new-kid-on-the-block Royal are now all seriously vying for LockBit’s crown in 2023.
    They bring with them new threats and fresh tactics, techniques, and procedures (TTPs), such as BianLian’s choice of Go for its malware, whose large, statically linked binaries are harder for analysts to reverse-engineer. The increased use of cloud services that enabled efficient WFH practices, plus a significant rise in the number of third-party services and suppliers integrated into corporate infrastructure, has also considerably extended the attack surface.
    Organizations should strengthen their cybersecurity in several important areas. Start by understanding that most breaches occur as a result of employee error. This can involve anything from opening an email attachment from an unknown source to downloading a dodgy app onto a personal smartphone.
    Although major breaches such as Colonial Pipeline in the U.S. and, more recently, the UK’s Royal Mail breach grab the headlines, it’s generally more modestly sized organizations that offer the most tempting targets for ransomware groups. In addition to generally weaker security, targeting firms with $20-$100 million in annual revenue means a successful cyber-attack won’t be widely reported and investigated. Major breaches that are perceived to affect national security and infrastructure are taken extremely seriously not only by the investigating authorities, but also by unpaid armies of hackers, such as those who deposed 2021’s top ransomware gang, Conti. Ideal targets are businesses with about 50 employees and $30 million in revenue.
    The suddenness of the pandemic and the speed of national lockdowns meant that companies, even the biggest and best organized, had no time to prepare for the mass exodus from the workplace in 2020. For some years, bring-your-own-device (BYOD) strategies had been used by many SMEs to save cash by encouraging staff to use their own smartphones and tablets for work communications. But WFH exposed the weaknesses in this strategy from a security standpoint, and it has already resulted in rapid recent growth in identity theft. A single employee will frequently log onto scores of external websites every day, submitting personal and log-in details that criminals can steal, sell in large batches on the dark web and then reuse in subsequent attacks.
    It’s therefore essential that given the growing ransomware threat, organizations raise cybersecurity awareness across the entire organization, particularly among those staff who have opted to continue to work from home in the post-pandemic era.
    The regular emails that some companies send staff warning them of the dangers are insufficient, as they are frequently ignored. Engage with staff where possible. For instance, the intelligence gathered from a questionnaire designed to highlight ongoing security issues and dangerous behaviours can then get relayed back to the staff to inform them that, for example, 30% of employees may leave themselves open to spear-phishing attacks.
    But raised awareness must also go hand-in-hand with basic precautions, including patching systems promptly and regularly, rather than every couple of months as is the case at many companies. Failing to prioritize updates needlessly leaves the organization playing Russian roulette with the ransomware gangs for weeks on end, since the window between a patch being published and exploitation of the fixed flaw is often far shorter than a two-month cycle.
    We also recommend using a virtual private network (VPN) for staff working from home accessing the corporate network. Organizations should ideally have insisted on this at the beginning of WFH. Most staff returning home continued to use their own personal devices and ill-secured home Wi-Fi networks. Many homes also use technology to control and monitor domestic appliances, which then also present tempting attack vectors for determined criminals.
    But while insisting staff use VPNs to access the corporate network and supplying them with dedicated devices for work use may offer the best solution in theory, companies also need to consider time and money concerns. It’s expensive to buy and maintain workstations and other devices for all the staff. Companies may also find it impractical to use multiple communications devices for those working in certain sectors, such as finance and tech where they need to contact important staff 24×7.
    So businesses need to update security protocols and install safeguards, and also educate the staff with access to the corporate network as to the true nature and pace of the ongoing war they are fighting with fast-growing ransomware groups in 2023.
    Shmuel Gihon, threat intelligence researcher, Cyberint


    source

  • Cybersecurity High-Risk Series: Challenges in Protecting Privacy … – Government Accountability Office

    Federal systems are vulnerable to cyberattacks. Our High Risk report identified 10 critical actions for addressing federal cybersecurity challenges.
    In this report, the last in a series of four, we cover the two actions related to Protecting Privacy and Sensitive Data:
      • Improve federal efforts to protect privacy and sensitive data
      • Appropriately limit the collection and use of personal information and ensure that it is obtained with appropriate knowledge or consent
    We’ve made 236 public recommendations in this area since 2010. Nearly 60% of those recommendations had not been implemented as of December 2022.
    Overview
    We have made 236 recommendations in public reports since 2010 with respect to protecting privacy and sensitive data. Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them. For more information on this report, visit https://www.gao.gov/cybersecurity.
    Improve Federal Efforts to Protect Privacy and Sensitive Data
    In September 2022, our review of 24 agencies found that most had generally established policies and procedures for key privacy program activities. These activities included, among other things, developing system-of-records notices that identify types of personal data collected, conducting privacy impact assessments, and documenting privacy program plans. Agencies varied in establishing policies and procedures for coordinating privacy programs with other agency functions. Further, many agencies did not fully incorporate privacy into their risk management strategies, provide for privacy officials’ input into the authorization of systems containing PII, or develop a continuous monitoring strategy for privacy. Without fully establishing these elements of their privacy programs, agencies have less assurance that they are consistently implementing privacy protections.
    [Figure: Extent to Which 24 Chief Financial Officers Act of 1990 Agencies Addressed Key Practices for Establishing a Privacy Program]
    We recommended that Congress consider legislation to designate a dedicated, senior-level privacy official at agencies that lacked one. We also made recommendations to the Office of Management and Budget to facilitate information sharing to help agencies address selected challenges and better implement privacy impact assessments. Finally, we made recommendations to 23 of the 24 agencies we reviewed to fully implement all of the key practices for their privacy programs.
    Appropriately Limit the Collection and Use of Personal Information and Ensure that it is Obtained with Appropriate Knowledge or Consent
    In June 2021, we reported on the results of our survey of 42 federal agencies that employ law enforcement officers about their use of facial recognition technology. Twenty reported owning systems with facial recognition technology or using systems owned by other entities, such as other federal, tribal, state, local, and territorial governments and non-government entities.
    [Figure: Types of Photos Used by Federal Agencies That Employ Law Enforcement Officers]
    Agencies reported using the technology to support several activities (e.g., criminal investigations) and in response to COVID-19 (e.g., to verify an individual’s identity remotely). All 14 agencies that reported using the technology to support criminal investigations also reported using systems owned by non-federal entities. However, only one of those 14 was aware of which non-federal systems its employees used. By having a mechanism to track what non-federal systems employees use and assessing privacy and accuracy-related risks, agencies can better mitigate risks to themselves and the public.
    We recommended that 13 federal agencies implement a mechanism to track what non-federal systems with facial recognition technology employees use and assess the risks of using these systems.
    In January 2022, we reported that the five federal financial regulators we reviewed had built more than 100 information system applications that regularly collect and use extensive amounts of PII to fulfill their regulatory missions. These regulators collect PII directly from individuals and financial institutions and share it with entities such as banks or service providers, contractors and other third parties, and other federal and state regulators. Regulators use the PII to conduct supervisory examinations of financial institutions and to receive and respond to complaints or inquiries from customers.
    [Figure: Collection, Use, and Sharing of Personally Identifiable Information (PII) at Selected Federal Financial Regulators]
    We reported that the financial regulators we reviewed created privacy programs that generally take steps to protect PII in accordance with key practices in federal guidance. However, four of the regulators did not fully implement key practices in other privacy protection areas. For example, these regulators did not document steps taken to minimize the collection and use of PII. Until these regulators take steps to mitigate these weaknesses, the PII they collect, use, and share could be at increased risk of compromise.
    We made several recommendations that federal financial regulators better ensure the privacy of the PII that they collect, use, and share.
    For more information about this Snapshot, contact: Marisol Cruz Cain, Director, Information Technology & Cybersecurity, cruzcainm@gao.gov, (202) 512-5017.

    source

  • We are less than a year away from a cyber attack credited to ChatGPT | Cyber Security Hub – Cyber Security Hub

    ChatGPT has answers for almost everything, but there is one answer we may not know for a while: will its unintended consequences for cyber security turn this tool into a genie that its creators regret taking out of the bottle?
    BlackBerry surveyed 1,500 IT decision makers across North America, the UK and Australia and half (51 percent) predicted we are less than a year away from a cyber attack credited to ChatGPT. Three-quarters of respondents believe foreign states are already using ChatGPT for malicious purposes against other nations.
    The survey also exposed a perception that, while respondents see ChatGPT as being used for ‘good’ purposes, 73 percent acknowledge its potential threat to cyber security and are either ‘very’ or ‘fairly’ concerned, underscoring that artificial intelligence (AI) is a double-edged sword.
    The emergence of chatbots and AI-powered tools presents new challenges in cyber security, especially when such tools end up in the wrong hands. There are plenty of benefits to using this kind of advanced technology and we are just scratching the surface of its potential, but we also cannot ignore the ramifications. As the platform matures and hackers become more experienced, it will become more difficult to defend without also using AI to level the playing field.
    It is no surprise people with malicious intent are testing the waters, but over the course of this year I expect we shall see hackers get a better handle on how to use ChatGPT successfully for nefarious purposes.
    AI is fast-tracking practical knowledge mining for defenders, but the same is true for malware coders; the cyber security industry is often likened to a never-ending game of whack-a-mole in which the bad guys re-emerge as quickly as they are mitigated. In the past, these bad actors would rely on their own experience, forums and security researcher blog posts to understand malicious techniques and then convert them into code. Programs like ChatGPT, however, have given them another arrow in their quiver, and they are testing its efficacy for wreaking digital havoc.
    AI can be used in several ways to carry out cyber attacks, for example automated scanning for vulnerabilities and trying out new attack techniques. Through AI, advanced persistent threats (APTs) can carry out highly targeted attacks to steal sensitive data or disrupt operations. APTs typically involve a sustained attack on a single organization and are often launched by nation-states or highly sophisticated threat actors.
    AI can also be used to create convincing phishing emails, text messages and social media posts to trick people into providing sensitive information or installing malware. AI-generated deepfake videos can be used to impersonate officials or organizations in phishing attacks. It can also be used to launch distributed denial of service (DDoS) attacks, which overwhelm an organization’s systems with traffic to disrupt operations, or to gain control over critical infrastructure, causing real-world damage.
    The growing use of AI in developing threats makes it even more critical to stay one step ahead by also using AI to proactively fight threats.
    Organizations need to continue to focus on improving prevention and detection, and this is a good opportunity to look at how to include more AI in different threat classification processes and cyber security strategies. 
    One of the key advantages of using AI in cyber security is its ability to analyze vast amounts of data in real time. The sheer volume of data generated by modern networks makes it impossible for humans to keep up. AI can process data much faster, making it more efficient at identifying threats.
    As cyber attacks become more severe and sophisticated and threat actors evolve their tactics, techniques, and procedures (TTPs), traditional security measures become obsolete. AI can learn from previous attacks and adapt its defenses, making it more resilient against future threats.
    AI can also be used to mitigate APTs, which are highly targeted and often difficult to detect, allowing organizations to identify threats before they cause significant damage. Using AI to automate repetitive tasks when it comes to security management also allows cyber security professionals to focus more on strategic tasks, such as threat hunting and incident response.
    In security, AI matters more than ever now that cyber criminals are using it to up their game. BlackBerry’s research reveals that the majority (82 percent) of IT decision-makers plan to invest in AI-driven cyber security in the next two years and almost half (48 percent) plan to invest before the end of 2023. This reflects the growing concern that signature-based protection solutions are no longer effective in providing cyber protection against an increasingly sophisticated threat.
    IT decision makers are positive that ChatGPT will enhance cyber security for business, but our survey also shows 85 percent of respondents believe governments have a moderate-to-high responsibility to regulate advanced technologies.
    Both cyber professionals and hackers will continue to investigate how they can best use this technology, and only time will tell whose use is more effective. In the meantime, for those wishing to get ahead before it is too late, it is time to put AI at the top of your cyber technology tools wish list and learn to fight fire with fire.
    Cyber Security Hub, a division of IQPC
    source

  • A rough guide to launching a career in cybersecurity – The Daily Swig

    A rough guide to launching a career in cybersecurity
    Entry-level training courses offer paths to glory
    A growing number of entry-level courses and training opportunities are becoming available
    The global cybersecurity workforce gap is estimated at 2.7 million people, with the problem particularly acute when it comes to entry-level roles.
    Cybersecurity nevertheless promises an interesting and potentially lucrative career. Even though the profession is open to people with any degree or none – providing they have the aptitude to learn – it can still be daunting to take the first steps and difficult to know where to begin.
    The talent pool might be expanded through more inclusive and broader hiring strategies. Against this, unrealistic hiring practices sometimes create barriers to entry for those looking to enter the profession, especially those seeking a career change.
    The path into a career in information security is, however, eased by a growing number of entry level training schemes and courses. The Daily Swig has surveyed this landscape to chart some promising routes offered by various reputable training providers.
    For example, cybersecurity skills training organization (ISC)2 reports that more than 1,500 individuals have undertaken its entry-level infosec certification pilot exam since the program launched at the end of January 2022.
    The qualification is designed to support industry entrants embarking on cybersecurity careers, ranging from recent university graduates, to career changers, to IT professionals looking to switch roles and focus on infosec. In all cases, the certificate offers a means to validate their foundational security skills.
    For employers seeking to fill entry-level roles, the qualification offers evidence that newcomers have the foundational knowledge, skills, and abilities necessary to thrive in the sector. According to (ISC)2, the qualification shows that candidates for junior roles are familiar with technical concepts whilst having an aptitude for on-the-job learning.
    The (ISC)2 entry-level pilot exam evaluates candidates across five domains: security principles; business continuity, disaster recovery, and incident response concepts; access control concepts; network security; and security operations.
    In preparation, candidates pay for a choice of either live instructor-led training sessions (available as a course package that includes access to online learning resources and an exam voucher for $649) or more economical online, self-paced learning resources (available with an exam voucher for $199).
    Within the cybersecurity education market, however, (ISC)2 is far from the only game in town.
    Entry-level courses can demonstrate that candidates possess foundational skills and knowledge
    The SANS Institute offers a five-day, in-person Introduction to Cyber-Security course that covers a mix of technical and business issues. SANS Institute courses are well regarded but not inexpensive.
    GIAC Information Security Fundamentals, for example, retails at $6,600.
    Other paid-for SANS Institute introductory courses focusing on specific areas of cybersecurity – such as cloud computing, digital forensics, and incident response – are also available.
    SANS also offers free-of-charge security workshops and other content, though this material is more geared towards the professional development needs of those who have already established a cybersecurity career.
    Coursera offers access to online courses from leading universities and companies.
    The Coursera platform provides routes that run the gamut from short online classes and hands-on projects that teach job-relevant skills in less than two hours, to job-ready certificates and degree programs. Short courses cost up to $99 while professional certifications run between $2,000-$6,000 and degrees between $9,000-$45,000.
    A yearly subscription to Coursera’s online courses costs $399.
    Coursera offers a variety of entry-level cybersecurity courses, each affiliated to universities or technology companies.
    For example, Introduction to Cyber Security Specialization from New York University includes four courses aimed at beginners. It can be completed in about four months with four hours of learning per week.
    Attractive, lower cost options might also be found in modules and courses in cybersecurity from Udemy.
    Courses can be classroom-based, online or a mix of the two
    There’s also an Introduction to Cyber Security course from the UK’s Open University that is particularly suitable for those looking for a flexible course aimed at beginners. The course doesn’t lead to a formal qualification but is available online and is accredited by several reputable organizations in the UK cybersecurity sector.
    “Over eight weeks, the course will take on average three hours a week to complete,” an Open University (OU) spokesperson told The Daily Swig.
    “The course is accredited by APMG International, the Institute of Information Security Professionals, and the (UK) National Cyber Security Centre. The Certificate of Achievement for this course demonstrates awareness of cybersecurity issues across 12 of the IISP skills groups, and demonstrates that participants have completed a course that meets the awareness level requirements of NCSC Certified Training.”
    Another option from the Open University involves a part-time degree course that offers a BSc in Cyber Security at the end of six years. There’s also a postgraduate micro-credential in Cyber Security Operations.
    The best way to find Open University courses related to cybersecurity is by using the course search bar on the OU’s homepage.
    Quite a few well established and respected infosec professionals got their start in the field by simply picking up a book and getting stuck in.
    There’s no better example of this than noted bug bounty hunter David Litchfield, who 25 years ago passed his Certified Novell Administrator (CNA) exam courtesy of a related CNA guidebook, thus certifying his ability to maintain networks running the then ubiquitous but since obsolete Novell NetWare networking software.
    Fast forward to the 2020s and you’ll find PortSwigger’s* Web Security Academy offering a free-of-charge service that explains key concepts and vulnerabilities in web security. This learning is reinforced through a series of labs graded ‘Apprentice’, ‘Practitioner’, or ‘Expert’.
    Practice in the labs gives learners proficiency with Burp Suite, a web security testing tool that’s the industry standard for pen testers and bug bounty hunters alike.
    Next, The Daily Swig’s own John Leyden plans to try his hand at modules from the (ISC)2 entry level qualification to see how he fares. Stay tuned for a follow-up feature this autumn.
    Additional reporting by Simon Baker, IT security manager at PortSwigger
    *PortSwigger is the publisher of The Daily Swig
    John Leyden
    © 2023 PortSwigger Ltd.

    source

  • Quad Joint Statement on Cooperation to Promote Responsible … – The White House

    The White House
    1600 Pennsylvania Ave NW
    Washington, DC 20500
    We the Quad partners of Australia, India, Japan, and the United States are launching a public campaign to improve cyber security across our nations: the Quad Cyber Challenge. We are inviting Internet-users across the Indo-Pacific and beyond to join the Challenge and pledge to practice safe and responsible cyber habits. The Challenge reflects our continuing Quad efforts to strengthen individuals’ and communities’ cyber security awareness and action, as well as to foster a more secure and resilient cyber ecosystem to benefit economies and users everywhere.
    Internet-users worldwide are targets of cybercrime and other malicious cyber threats that can cost trillions of dollars each year and compromise sensitive, personal data. Many cyber attacks can be guarded against by simple preventive measures. Together, Internet users and providers can take small steps to significantly improve cybersecurity and cyber safety. These steps include routinely installing security updates, enabling enhanced identity checks through multi-factor authentication, utilizing stronger and regularly changing passphrases, and knowing how to identify common online scams, like phishing.
    The Challenge provides resources, such as basic cybersecurity information and training, for all users – from corporations to education institutions, small businesses, and individuals from grade school students to the elderly, and will culminate in events during the week of April 10th. The Quad partners are working to ensure everyone has access to the resources needed to make informed decisions while online and using smart devices. Learn what you and your organization can do to foster a more safe, secure, and resilient cyberspace so that we can collectively be better protected from cyber threats.

    ###

    source

  • Tech companies pledge free cybersecurity training during White House summit Tuesday – TechRepublic

    The goal is to help alleviate the estimated 700,000 vacancies in cybersecurity jobs in the U.S.
    A number of companies pledged to do their parts to help assuage the shortage of cybersecurity professionals during the White House National Cyber Workforce and Education Summit on Tuesday.
    The summit’s goal was to “raise the bar on cybersecurity through greater awareness, education and training,’’ the White House said in a statement. It was also designed as “a call to action — to ensure that all Americans can capitalize on the benefits of the digital domain.”
    Among the participating companies was (ISC)², a nonprofit association of certified cybersecurity professionals, which announced the (ISC)² One Million Certified in Cybersecurity program. The program pledges to put one million people through its foundational Certified in Cybersecurity entry-level certification exam and education program for free.
    The association noted that research suggests organizations that focus on recruiting and developing entry-level cybersecurity staff — including those with little or no technical experience — accelerate the hands-on training the next generation of professionals needs to start a successful cybersecurity career.
    Those who earn the (ISC)² Certified in Cybersecurity certification will demonstrate to employers that they have the foundational knowledge, skills and abilities necessary for an entry-level cybersecurity role, the association said.
    “We support the aims of the Biden Administration, the U.S. national cyber director and administrations around the world focused on this critical issue,’’ said Clar Rosso, CEO of (ISC)², in a statement. “We are proud to announce this initiative alongside so many others who share a strong commitment to addressing our cybersecurity workforce challenges and look forward to building the public-private partnerships needed to accomplish our goal of One Million Certified in Cybersecurity.”
    (ISC)² will open registration starting in September. Qualified individuals will receive a free exam as well as access to the (ISC)² Certified in Cybersecurity online self-paced education course. The course provides a review of the subject matter published in the Certified in Cybersecurity exam outline, which covers the security concepts that the certification candidates will be evaluated on, including:
    University students, recent graduates, career changers and other professionals wishing to expand their skills and opportunities are encouraged to participate, especially individuals employed or seeking employment within small and mid-sized businesses.
    (ISC)² said it would work closely with new and existing partner organizations to reach historically underrepresented populations and encourage greater diversity within the cybersecurity community. The association has pledged that half of the expanded commitment — 500,000-course enrollments and exams — will be directed toward students of historically black colleges and universities, minority-serving institutions, tribal organizations and women’s organizations across the U.S. and the globe.
    After successfully completing the exam, candidates will become (ISC)² members with access to a wide array of professional development resources to help them throughout their careers.
    (ISC)² estimates a global cybersecurity workforce gap of more than 2.7 million. While the U.S. cybersecurity workforce comprises more than 1.14 million people, according to the association, the federal government estimates the country has more than 700,000 cybersecurity job vacancies.
    Also at the summit, Cisco announced its commitment to training an additional 200,000 students in the U.S. over the next three years.
    The company’s corporate education program, Cisco Networking Academy, partners with 49% of the nation’s community and technical colleges and 48 of the nation’s 107 HBCUs, the company said.
    “While the cyber workforce deficit constitutes a near- and long-term threat to our national and economic security, it also represents an opportunity to employ a more diverse and inclusive workforce in jobs with low barriers to entry and substantial income potential,’’ said Francine Katsoudas, executive vice president and chief people, policy and purpose officer, in a blog announcing Cisco’s commitment. “To close this gap and leverage the related employment opportunities, we need to ensure that cybersecurity training and education is available to broader segments of society who use information and communications technology in our rapidly changing world.”
    Fortinet announced that its information security awareness and training service will be made available to schools across the United States, free of cost. The expansion of the company’s free training offerings is part of Fortinet’s commitment to train one million people in cybersecurity by 2026 to make a significant dent in addressing the skills gap, the company said.

    source